Nginx 配置 SSL访问

1、生成密钥
首先下载http://slproweb.com/products/Win32OpenSSL.html （根据系统选择32位或者64位版本下载安装），我下载的是：Win64OpenSSL_Light-1_1_1m.exe，然后执行命令

openssl genrsa -des3 -out biznginxssl.key 1024

2、生成证书签名请求

openssl req -new -key biznginxssl.key -out biznginxssl.csrEnter pass phrase for biznginxssl.key:123456
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GD
Locality Name (eg, city) []:GZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FCC
Organizational Unit Name (eg, section) []:FCC
Common Name (e.g. server FQDN or YOUR name) []:BIZFCC
Email Address []:fcclzydouble@163.comPlease enter the following 'extra' attributes
A challenge password []:123456
An optional company name []:FCC

3、去除密码

openssl rsa -in biznginxssl.key.bak -out biznginxssl.key

4、生成证书

openssl x509 -req -days 3650 -in biznginxssl.csr -signkey biznginxssl.key -out biznginxssl.crt
Signature ok
subject=C = CN, ST = GD, L = GZ, O = FCC, OU = FCC, CN = BIZFCC, emailAddress = fcclzydouble@163.com
Getting Private key

5、配置nginx

server {listen       443 ssl;server_name  localhost;ssl_certificate      D:/bzyyMgr/nginx-1.20.2/ssl/biznginxssl.crt;ssl_certificate_key  D:/bzyyMgr/nginx-1.20.2/ssl/biznginxssl.key;ssl_session_cache    shared:SSL:10m;ssl_session_timeout  1440m;ssl_ciphers  HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers  on;location / {proxy_pass http://myapp;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_send_timeout 18000;proxy_read_timeout 18000;proxy_connect_timeout 18000;}}

6、把nginx 中的80端口重定向到443

server {listen 80;server_name localhost;rewrite ^(.*)$ https://${server_name}$1 permanent;
}

7、最后效果如下图

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！